Описание
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2.11.0-3 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:1.9.1-1ubuntu0.5]] |
| esm-infra/xenial | released | 1:2.7.4-0ubuntu1.1 |
| precise/esm | DNE | |
| trusty | released | 1:1.9.1-1ubuntu0.5 |
| trusty/esm | DNE | trusty was released [1:1.9.1-1ubuntu0.5] |
| upstream | released | 1:2.11.0-3 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:2.7.4-0ubuntu1.1 |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7 ...
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3